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DETAILED ACTION 
Response to Amendment 

1 . The Applicant's amendment, filed 16 February 2007, has been received, entered 
into the record, and respectfully and fully considered. 

2. As a result of the amendment, claims 1,3-11,17 and 21-25 have been amended 
and claims 1-25 are now presented for examination. 

3. Although claim 1 1 is substantially amended, the Applicant still listed the claim as 
original on page 6 of the claim, which is contradicted with Applicant's remark on page 
13. 

Claim Objections 

4. Claims 1-3 and 4-1 0 are objected to because of the following informalities: 

a. Claims 1-3 recite "a first network authority" is not clearly defined/supported 
in the original disclosure. Further, the examiner does not find any support on newly 
added claim limitations "the first network authority receiving from the super authority an 
indication of a selected network authority, selected from among the first network 
authority and the one or more other network authorities, that is authorized to 
authenticate the principal based on the account identifier and the first network authority 
transferring the login request to the selected network authority for processing, even if 
the selected network authority is one of the one or more other network authorities. 
Appropriate correction is required to point out where this amended claim limitations are 
in the original disclosure and please note no new matter should be added in the 
original disclosure in addressing the claim objections. 
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b. Claim 4 recites "one or more recordable-type computer-readable media 
having stored there one computer-executable instructions..." and it is grammatically 
incomprehensible. 

Any claim not specifically addressed, above, is being objected as incorporating 
the deficiencies of a claim upon which it depends. 

Claim Rejections '3SUSC§112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6, Claims 1-3 and 17-20 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

As per claim 1, it recites the limitation "a first network authority" in lines 1, 8, 10, 
14 and 17. Since there is no first network authority in the original disclosure, "first 
network authority" is undefined. In order to further examine on the merits of the claim, 
the Examiner interpreted "a first network authority" is an authority, which is different 
from the super authority. 

As per claim 17, the preamble recites "the method comprising". However, the 
body of the claim recites system structure, "means for... .". Is the Applicant's intention to 
claim an apparatus or a method? 

Any claim not specifically addressed, above, is being rejected as incorporating 
the deficiencies of a claim upon which it depends. 
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Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

8. Claims 4-10, 17-20 and 21-25 are rejected under 35 U.S.C. 101 because the 
claimed invention is directed to non-statutory subject matter. 

With respect to claims 4-10, "one or more recordable-type computer-readable 
media," is recited. The "computer-readable medium," in accordance with Applicant's 
specification, includes data signal, such as a carrier wave on page 6-7 of the 
specification. Therefore, "recordable-type computer-readable media having stored 
there computer-executable instructions" is interpreted as computer-executable 
instructions of a controlling authority embedded/recorded on the modulated data signal 
such as a carrier wave. This subject matter is not limited to that which falls within a 
statutory category of invention because it is not limited to a process, machine, 
manufacture, or a composition of matter. Instead, it includes a form of energy. Energy 
does not fall within a statutory category since it is clearly not a series of steps or acts to . 
constitute a process, not a mechanical device or combination of mechanical devices to 
constitute a machine, not a tangible physical article or object which is some form of 
matter to be a product and constitute a manufacture, and not a composition of two or 
more substances to constitute a composition of matter. 

With respect to claims 17-20 are directed to a method of controlling 
authentication of principals. However, it appears that the method would reasonably be 
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interpreted by one of ordinary skill in the art as structure. There is no step/process 
recited as part of the method. 

With respect to claims 21-25, "one or more recordable-type computer-readable 
media," is recited. The "computer-readable medium," In accordance with Applicant's 
specification, includes data signal, such as a carrier wave on page 6-7 of the 
specification. Therefore, "recordable-type computer-readable media having stored 
there computer-executable instructions" is interpreted as computer-executable 
instructions embedded/recorded on the modulated data signal such as a carrier wave. 
This subject matter is not limited to that which falls within a statutory category of 
invention because it is not limited to a process, machine, manufacture, or a composition 
of matter. Instead, it includes a form of energy. Energy does not fall within a statutory 
category since it is clearly not a series of steps or acts to constitute a process, not a 
mechanical device or combination of mechanical devices tp constitute a machine, not a 
tangible physical article or object which is some form of matter to be a product and 
constitute a manufacture, and not a composition of two or more substances to constitute 
a composition of matter. 

Claim Rejections • 35 USC §102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that 
form the basis for the rejections under this section inade in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
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applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 4 and 6 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Crane et al. (U.S. Patent No. 6,510,236). 

As per claim 4, Crane et al. discloses a controlling authority (application server 
12 in fig. 1 corresponds to Applicant's a controlling authority) for identifying an 
authenticating authority (application authentication server 17 in fig. 4 corresponds to 
Applicant's authentication authority) for authenticating a principal for access to network 
resources comprising: 

an identity catalog ("a local database 15 or a network directory service" - e.g. col. 
5, lines 3-4) mapping at least one account ID ("Typically, an authentication device or 
device type is supported if there is a device authentication server 1 8 available to the 
framework. A given device authentication 18 typically registers with the application 
server for this purpose" - e.g. col.. 3, lines 54-58 and col. 3, lines 13-16) of at least one 
principal to an identifier of a corresponding authenticating authority ("The particular 
device authentication server selected by the application sen/er depends on the 
authentication device or its type" - e.g. col. 5, lines 18-20); and 

an authority resolution module ("The invention framework preferably is - 
implemented in software residing on the client, the application server, and the individual 
authentication device servers..." - e.g. col. 6, lines 25-36) for accessing the identity 
catalog to match the account ID based on the identity of the principal ("... In particular, 
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each authentication device may be registered with the framework, in which case a 
complete list of authentication devices is provided in the database 15" - e.g. col. 5, lines 
6-8 and "Each device type typically has its own authentication device server 18. Thus, 
the framework has multiple authentication device servers 18 associated therewith" - 
e.g. col. 3, lines 14-16) with a corresponding authenticating authority (e.g. col. 5, lines 1- 
8) and for causing an authentication request to be directed to the corresponding 
authenticating authority ("...and then fonvards authentication data in the request to that 
server" - e.g. abstract. Please note that server is the corresponding authenticating 
authority). 

As per claim 6, Crane et al. discloses the controlling authority as claimed in 
claim 4. Crane et al. further discloses wherein the identity catalog maps a plurality of 
account IDs to a corresponding plurality of authenticating authorities ("... In particular, 
each authentication device may be registered with the framework, in which case a 
complete list of authentication devices is provided in the database 15" - e.g. col. 5, lines 
6-8 and "Each device type typically has its own authentication device server 18. Thus, 
the framework has multiple authentication device servers 18 associated therewith" - 
e.g. col. 3, lines 14-16). 

Claim Rejections - 35 USC § 103 

1 1 . The following Is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

13. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

14. Claims 1-3, 11-13, 15-19 and 21-25 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Martherus et al. (US Pub No. 2002/01 12155) in view of Crane 
et al. (U.S. Patent No. 6,510,236). 
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As per claims 11 and 17, Martherus et al. discloses a method/apparatus of 
controlling authentication of principals for access to network resources in a network 
environment comprising: 

Receiving a request for.an authenticating authority resolution from one of a 
plurality of authenticating authorities (Web sender 18 in fig. 1 corresponds to Applicant's . 
an authority), wherein the request comprises an account ID of a principal to be 
authenticated ("Fig. 32 provides an exemplar method for 
performing... authentication... In response, the user enters and the user's browser 
submits the requested user ID and password... In step 1206, Web Gate 28 intercepts 
the user submission.. - e.g. paragraph [0204] and fig. 32); 

Accessing an assignment mapping that maps each account ID in a plurality of 
account Ids to a corresponding plurality of authenticating authorities that can be used to 
authenticate the account ID, the account ID comprising the identity of the principal 

But Martherus et al. fails to disclose the limitations for accessing an assignment 
mapping that maps each account Ids to a corresponding plurality of authenticating 
authorities that can be used to authenticate the account ID and using super authority to 
direct authentication requests to the appropriate authorities and the appropriate 
authorities will authenticate principals and causing an authentication request to be 
transmitted to the assigned authenticating authority located from among the one or 
more authenticating authorities, the assigned authenticating authority having been 
located using the principal's account ID. 



Application/Control Number: 10/667,582 Page 10 

Art Unit: 2135 

However, such missing limitations in Martherus et al. is clearly taught in the 
aforementioned Crane et al. reference by disclosing ("...The application server 
determines which device authentication server the request is intended for, and 
then forwards authentication data in the request to ttiat server" - e.g. abstract), 
("...the authentication devices may be conventional devices or schemes based on 
id/password..." - e.g. col. 3, lines 26-28), ("...In particular, each authentication device 
may be registered with the framework, in which case a complete list of authentication 
devices Is provided In the database 15" - e.g. col. 5, lines 6-8 and "Each device type 
^ typically has its own authentication device server 18. Thus, the framework has 
multiple authentication device servers 18 associated therewith" - e.g. col. 3, lines 14- 
16), ("The particular device authentication server selected by the application 
server depends on the authentication device or its type" - e.g. col. 5, lines 18-20) 
and ("The invention accomplished this object by using the application server as a "traffic 
cop" or router to manage authentication requests from the various clients" in col. 3, lines 
38-41, "...The application server, however, does not perform an authentication function 
with respect to the data. Rather, it first determines whether the authentication device or 
device type... This evaluation is typically effected by scanning a local database... The 
particular device authentication server selected by the application server depends on 
the authentication device or its type" in col. 4, lines 64 - col. 5, line 20. Please note 
"application server 12 in fig. 1 corresponds to Applicant's super authority and 
"authentication server 18 in fig. 1 corresponds to Applicant's authority). 
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Martherus et al. and Crane et al. are analogous art in that they are of the same 
field of endeavor, that is, a system and/or method of an authentication framework for 
authenticating clients. It would have been obvious to a person of ordinary skill in the art 
at the time of the invention to incorporate such well known feature as taught in the 
Crane et al. reference into the Martherus et al. system motivated by "to provide an 
authentication architecture that enables client-server and Internet based applications to 
use alternate authentication devices, e.g., token cards and biometric devices and to 
provide an application server with the capability of managing authentication request 
traffic from a variety of clients having disparate authentication devices or schemes. And 
...in addition, because authentication data is stored on separate authentication device 
servers, security is enhanced" (col. 1, line 61 - col. 2, line 4 and col. 5, line 65 - col. 6, 
line 24), as taught by Crane et al. 

As per claims 12-13 and 18-19, the combined teachings of Martherus et al. and 
Crane et al. disclose the method/apparatus as applied in claims 1 1 and 17. Crane et al. 
further discloses wherein each account ID comprises a namespace identifier ("user (id) 
as well as device (id)" - e.g. col. 4, lines 58-63). And in col. 5, lines 45-50, Crane et al. 
additionally discloses "A plurality of device authentication servers are supported by the 
framework, preferably with at least one server providing authentication services for each 
type of authentication device supported. This allows any supported device 
authentication server to verify data from any supported authentication device on the 
network". Therefore, it would have been obvious for a person having ordinary skill in 
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the art at the time of the invention that the plurality of account IDs comprises at least 
two account IDs having a common namespace identifier (two different user ID with 
same device type/id) can be mapped to at least two different respective ones of the 
plurality of authenticating authorities and/or that the plurality of account IDs comprises 
at least two account IDs having different namespace identifiers (two different user ID 
with different device type/id) can be mapped to the same one of the plurality of 
authenticating authorities. The motivation of doing so, "to allow any supported device 
authentication server to verify data from any supported authentication device on the 
network", as taught in col. 5, lines 48-50 and to balance workload of each authentication 
server. 

As per claim 15, the combined teachings of Martherus et al. and Crane et al. 
disclose the method as applied in claims 11 Martherus et al. further discloses wherein 
the assignment mapping is based at least in part on the organizational affiliation of 
principals within an entity (fig. 4 and paragraphs [0100]-[0102]). 

As per claim 16, the combined teachings of Martherus et al. and Crane et al. 
disclose the method as applied in claims 1 1 . Martherus et al. further discloses wherein 
the assignment mapping is based at least in part on the geographical location of 
principals (fig. 4). 
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As per claims 21-25, the combined teachings of Martherus et al. and Crane et 
al. disclose the claimed method of steps as applied above in claims 11-13 and 15-16. 
Therefore, the combined teachings of Martherus et al. and Crane et al. disclose the 
claimed computer-executable instructions embodied in a computer-readable medium for 
carrying out the method of steps. 

As per claims 1 and 3, Martherus et al. discloses a method of authenticating a 
principal in a network environment for access to secured resources ("...capable of 
authentication a user for a plurality of domains In a network-based system..." - e.g. 
paragraph [001 1 ]) comprising: 

receiving at the first authority (Web server 18 in fig. 1 corresponds to Applicant's 
first authority) a login request from the principal, wherein the login request comprises an 
account identifier ("Fig. 32 provides an exemplar method for 
performing... authentication... In response, the user enters and the user's browser 
submits the requested user ID and password... In step 1206, Web Gate 28 intercepts 
the user submission.. - e.g. paragraph [0204] and fig. 32); 

transmitting the account identifier from the first authority to the super authority to 
authenticate the principal based on the account identifier (". . . passes the user ID and 
password to Access Server..." - e.g. paragraph [0204] and step 1206 in fig. 32); 

authenticating the principal at the super authority ("Access Server authentication 
module 540 then authenticates the user using the user ID and password in step 1208. 
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In step 1210, authentication module 540 returns the authentication result..." - e.g. 
paragraph [0204] and steps 1208, 1210 in fig. 32). 

the first network authority transferring the login request to the selected network 
authority for processing, even if the selected network authority is one of the one or more 
other network authorities ("user access requests for a protected resource in a first 
domain are received and redirected to a second domain. User authentication is 
performed at the second domain" - e.g. abstract). 

Martherus et al. discloses receiving the authentication requests, transmitting the 
request to the super authority and authenticating the principal at super authority. But it 
fails to disclose the limitations for using super authority to direct authentication requests 
to the first network authority and the first network authority transfer the login request to 
the appropriate authorities and the appropriate authorities, such as the first authority will 
authenticate principals will authenticate principals. 

However, such missing limitations in Martherus et al. is clearly taught in the 
aforementioned Crane et al. reference by disclosing ("...The application server 
determines which device authentication server the request is intended for, and 
then forwards authentication data in the request to that server" - e.g. abstract), 
("...In particular, each authentication device may be registered with the framework, in 
which case a complete list of authentication devices is provided in the database 15" - 
e.g. col. 5, lines 6-8 and "Each device type typicaliy has its own authentication 
device server 18. Thus, the framework has multiple authentication device servers 18 
associated therewith" - e.g. col. 3, lines 14-16), ("The particular device 
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authentication server selected by the application server depends on the 
authentication device or its type" - e.g. col. 5, lines 18-20) and ("The invention 
acGomplished this object by using the application server as a "traffic cop" or router to 
manage authentication requests from the various clients" in col. 3, lines 38-41, "...The 
application server, however, does not perform an authentication function with respect to 
the data. Rather, it first determines whether the authentication device or device 
type... This evaluation is typically effected by scanning a local database... The particular 
device authentication server selected by the application server depends on the 
authentication device or its type" in col. 4, lines 64 - col. 5, line 20. Please note 
"application server 12 in fig. 1 corresponds to Applicant's super authority and 
"authentication server 18 in fig. 1 corresponds to Applicant's authority); 

Martherus et al. and Crane et al. are analogous art in that they are of the same 
field of endeavor, that is, a system and/or method of an authentication framework for 
authenticating clients. It would have been obvious to a person of ordinary skill in the art 
at the time of the invention to incorporate such well known feature as taught in the 
Crane et al. reference into the Martherus et al. system motivated by "to provide an 
authentication architecture that enables client-server and Internet based applications to 
use alternate authentication devices, e.g., token cards and biometric devices and to 
provide an application server with the capability of managing authentication request 
traffic from a variety of clients having disparate authentication devices or schemes. And 
...in addition, because authentication data is stored on separate authentication device 
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servers, security is enhanced" (col. 1, line 61 
line 24), as taught by Crane et al. 
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- col. 2, line 4 and col. 5, line 65 - col. 6, 



As per claim 2, the combined teachings of Martherus et al. and Crane et al. 
disclose the method as applied in claim 1 . Martheurs et al. further discloses wherein 
the account identifier comprises a principal identifier and a namespace identifier ("The 
user enters and the user's browser submits the requested user ID and password." - e.g. 
paragraph [0204]). 

13. Claims 7-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crane et al. 

As per claims 7-8, Crane et al. discloses a controlling authority as applied in 
claim 6. Crane et al. further discloses wherein each account ID comprises a 
namespace identifier ("user (id) as well as device (id)" - e.g. col. 4, lines 58-63). And in 
col. 5, lines 45-50, Crane et al. additionally discloses "A plurality of device 
authentication servers are supported by the framework, preferably with at least one 
server providing authentication services for each type of authentication device 
supported. This allows any supported device authentication server to verify data from 
any supported authentication device on the network". Therefore, it would have been 
obvious for a person having ordinary skill in the art at the time of the invention that the 
plurality of account IDs comprises at least two account IDs having a common 
namespace identifier (two different user ID with same device type/id) can be mapped to 
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at least two different respective ones of the plurality of authenticating authorities and 
that the plurality of account IDs comprises at least two account IDs having different 
namespace identifiers (two different user ID with different device type/id) can be 
mapped to the same one of the plurality of authenticating authorities. The motivation of 
doing so, "to allow any supported device authentication server to verify data from any 
supported authentication device on the network", as taught in col. 5, lines 48-50 and to 
balance workload of each authentication server. 

14. Claims 5, 9-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crane et al. as applied to claims 4-6 above, and further in view of Martherus et al. (U.S. 
Pub No. 2002/0112155). 

As per claim 5, Crane et al. discloses a controlling authority as applied in claim 
4. Crane et al. is silent on a network interface for passing the account ID to the 
authority resolution module and for receiving from the authority resolution module an 
authentication request directed to the corresponding authenticating authority. However, 
such missing feature in Crane et al. is clearly taught in the paragraph [0083] "Web Gate 
28 acts as an Interface between Web Server 18 and Access Server 34. Web Gate 28 
intercepts requests from users for resources, and authorizes them via Access Server 34 
and paragraph [0194]" of the aforementioned Martherus et al. reference, the same field 
endeavor. It would have been obvious for a person having ordinary skill in the art to 
incorporate such well known feature as taught in the Martherus et al. reference into 
Crane et al.'s controlling authority motivated by to provide "an interface between Web 
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Server and Access server and to redirect user authentication exchanges to the e- 
business host's designated web log-in Web Server", as taught in paragraph [0083] and 
[01 94] of the Martherus et al. reference. 

As per claim 9, Crane et al. discloses a controlling authority as applied in claims 
4 and 6 above. Crane et al. is silent on the content of the identity catalog is based at 
least in part on the organizational afTiliation of principals \N\Vn\r\ an entity. However, such 
missing feature in Crane et al. is clearly taught in the fig. 4 and paragraphs [0100]- 
[0102] of the aforementioned Martherus et al. reference, the same field endeavor. It 
would have been obvious for a person having ordinary skill in the art to incorporate such 
well known feature as taught in the Martherus et al. reference into Crane et al.'s 
controlling authority motivated by "to help manage the users", as taught in paragraph 
[0100] of the Martherus et al. reference. 

As per claim 10, Crane et al. discloses a controlling authority as applied in 
claims 4 and 6 above. Crane et al. is silent on the content of the identity catalog is 
based at least in part on the geographical location of principals. However, such missing 
feature In Crane et al. is clearly taught in the fig. 4 of the aforementioned Martherus et 
al. reference, the same field endeavor. It would have been obvious for a person having 
ordinary skill in the art to incorporate such well known feature as taught in the Martherus 
et al. reference into Crane et al. controlling authority motivated by "to help manage the 
users", as taught in paragraph [0100] of the Martherus et al. reference. 
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15. Claims 14 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Martherus et al. (US Pub No. 2002/0112155) and Crane et al. (U.S. Patent No. 
6,510,236) as applied to claims 11-13 above, further in view of Hacherl (U.S. Patent No. 
6,324,571) 

As per claims 14 and 20, the combined teachings of Martherus et al. and Crane 
et al. disclose the method/apparatus as applied in claims 1 1 and 17. 

The combined teachings fail to disclose altering the assignment mapping 
whereby an account ID previously mapped to a first authenticating authority is 
remapped to a second authenticating authority. However, such missing limitations in 
the combined teachings in Martherus et al. and Crane et al. is taught in the 
aforementioned Hacherl reference by disclosing switching exclusive authority 
(corresponds to Applicant's authorized authentication authority) to perform a predefined 
system-wide task (e.g. authenticate a particular principal) in a network environment, 
(see abstract of Hacherl) 

Martherus et al.. Crane et al. and Hacherl are analogous art in that they are of 
the same field of endeavor, that is, method/apparatus of performing system-wide tasks 
in a network environment. It would have been obvious to a person of ordinary skill in 
the art at the time of the invention to incorporate such well known feature as taught in 
the Hacherl reference into the combined teachings of Martherus et al. and Crane et al.'s 
method/apparatus motivated by "Exclusive authority to perform the task should be 
easily transferred between machines, however, so as to avoid the limitations of prior 
single server design", as taught by Hacherl (col. 1, lines 61-64) 
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Response to Arguments 

16. Applicant's arguments filed 16 February 2007 have been respectfully and fully 
considered but they are not persuasive. 

17. Applicant argues "Neither Crane nor Martherus teaches or suggests accessing 
an assignment mapping... claim 1 1 patentable defines over the art of the record..." on 
pages 14-15, the examiner respectfully disagrees (Please see above 103 rejection) 

Conclusion 

18. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Ofnce action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Contact Information 



Any inquiry concerning this communication or eariier communications from tine 
examiner should be directed to April Y. Shan whose telephone number is (571 ) 270- 
1014. The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 
p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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